Tag Archive for: DEF

DEF CON to set thousands of hackers loose on AI


No sooner did ChatGPT get unleashed than hackers started “jailbreaking” the artificial intelligence chatbot — trying to override its safeguards so it could blurt out something unhinged or obscene.

But now its maker, OpenAI, and other major AI providers such as Google and Microsoft, are coordinating with the Biden administration to let thousands of hackers take a shot at testing the limits of their technology.



Hacking AI

Rumman Chowdhury, co-founder of Humane Intelligence, a nonprofit developing accountable AI systems, works at her computer May 8, 2023, in Katy, Texas. Chowdhury is the lead coordinator of the mass hacking event planned for this summer’s DEF CON hacker convention in Las Vegas.




Some of the things they’ll be looking to find: How can chatbots be manipulated to cause harm? Will they share the private information we confide in them to other users? And why do they assume a doctor is a man and a nurse is a woman?

“This is why we need thousands of people,” said Rumman Chowdhury, a coordinator of the mass hacking event planned for this summer’s DEF CON hacker convention in Las Vegas that’s expected to draw several thousand people. “We need a lot of people with a wide range of lived experiences, subject matter expertise and backgrounds hacking at these models and trying to find problems that can then go be fixed.”


EFF’s DEF CON 30 Puzzle—SOLVED


Puzzlemaster Aaron Steimle of the Muppet Liberation Front contributed to this post.

Every year, EFF joins thousands of computer security professionals, tinkerers, and hobbyists for Hacker Summer Camp, the affectionate term used for the series of Las Vegas technology conferences including BSidesLV, Black Hat, DEF CON, and more. EFF has a long history of standing with online creators and security researchers at events like these for the benefit of all tech users. We’re proud to honor this community’s spirit of curiosity, so each year at DEF CON we unveil a limited edition EFF member t-shirt with an integrated puzzle for our supporters (check the archive!). This year we had help from some special friends.

“The stars at night are big and bright down on the strip of Vegas”

For EFF’s lucky 13th member t-shirt at DEF CON 30, we had the opportunity to collaborate with iconic hacker artist Eddie the Y3t1 Mize and the esteemed multi-year winners of EFF’s t-shirt puzzle challenge: Elegin, CryptoK, Detective 6, and jabberw0nky of the Muppet Liberation Front.

Extremely Online skeleton wearing a top hat with electricity

Extremely Online members’ design with an integrated challenge.

The result is our tongue-in-cheek Extremely Online T-Shirt, an expression of our love for the internet and the people who make it great. In the end, one digital freedom supporter solved the final puzzle and stood victorious. Congratulations and cheers to our champion cr4mb0!

But How Did They Do It?

Take a guided tour through each piece of the challenge with our intrepid puzzlemasters from the Muppet Liberation Front. Extreme spoilers ahead! You’ve been warned…

_____________________

Puzzle 0

The puzzle starts with the red letters on the shirt on top of a red cube. Trying common encodings won’t work, but a quick Google search of the letters will return various results containing InterPlanetary File System (IPFS) links. The cube is also the logo for IPFS. Thus, the text on the shirt resolves to the following IPFS hash/address:

ipfs://bafkreiebzehf2qlxsm5bdk7cnrnmtnojwb53bnwyrgkkt7ypx5u53typcu

Puzzle 0 QR Code

QR codes have a standard format and structure that requires the large squares to be placed in three of the four corners. With this in mind, the image can be seen as four…


DEF CON Safe Mode Demo Labs – Ajin Abraham – Mobile App Security Testing with MobSF



Top Hacks from Black Hat and DEF CON 2021


Tools, techniques, and (hybrid) procedures


Hacker Summer Camp 2021 adopted a hybrid format this year, as the restrictions imposed by the ongoing coronavirus epidemic meant that the majority of participants in Black Hat and DEF CON tuned in online rather than turning up in Las Vegas.


Security researchers made up for the lack of audience interaction by showing that – like the athletes competing at this month’s Olympics and Paralympics – they could go faster, higher, and stronger together.

Still catching up on the proceedings? Look no further:

Attacking Let’s Encrypt

Researchers showed how to circumvent domain validation controls from Let’s Encrypt

At Black Hat, researchers from the Fraunhofer Institute for Secure Information Technology showed how the security controls introduced with Let’s Encrypt’s multi-perspective validation feature might be abused.

Circumventing these controls, which were introduced in February 2020 in response to earlier attacks, makes it possible for attackers to get digital certificates for web domains they do not own, offering a springboard for phishing attacks or other scams.

By introducing packet loss or latency to connections to some of the nameservers, an attacker could force the system to rely on a nameserver of their choice – downgrading the security offered by multiperspective validation.

The work shows that domain validation, though it enjoys advantages because it is low cost and lends itself to automation, is not yet secure and needs to be refined in order to become more effective as a barrier to fraud.

Pulling the pin on FragAttacks

At Black Hat, security researcher Mathy Vanhoef shared his impressive work on FragAttacks (fragmentation and aggregation attacks) and – with the help of Tom Van Goethem – timing attacks.

For the former, he described how implementation flaws and design vulnerabilities in WiFi’s frame aggregation and fragmentation features affect all protected WiFi networks, and even the WEP protocol dating back to 1997.

Certain implementation bugs were particularly widespread and trivial to exploit, he warned.

The gradual adoption of ‘operating channel validation’ (PDF) and ‘beacon protection’…
